-
Notifications
You must be signed in to change notification settings - Fork 6.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[CAL-3060] JSON Error during login due to incorrect encoding on CALENDSO_ENCRYPTION_KEY #13290
Comments
thank you for the detailed report. i think you can get some self hosting help in our community: https://go.cal.com/discord |
So what is the fix? I just finished setting up this and facing same issue. Unable to gain admin access since it requires 2FA |
if i understand correctly, a fix has been provided already with #13484 but has been declined by the dev team for the greater goal of #12698. i also found that https://hub.docker.com/r/calcom/cal.com/tags is pretty outdated – 3.9.8 was just released, 3.9.1 is available on docker hub. just thinking loud... |
To be super clear this means the current |
As a short-term fix, I'd propose changing the
to
It'll fill the gap temporarily given the current command doesn't work, and I think it's reasonable to assume most users have python installed :) |
Issue Summary
After a fresh install, I go to login and after about 20 seconds, i see this error pop up in the login screen:
Note related issues: #9527 #9690
Original issue: calcom/docker#321
Steps to Reproduce
docker compose up -d
Actual Results
Expected Results
Not have issues with the encryption key.
Technical details
Environment:
Hosting service: GCP e2-small
OS: Debian Bullseye
Docker Images: see docker compose file
Config:
I kept the defaults from here, however ive updated the NEXT_PUBLIC_WEBAPP_URL to be my own domain.
Evidence
This was tested using the docker containers outlined above, both locally and in the cloud to limit any additional sources of error.
Here are my findings in the order in which i found them:
update 1
I do see this error in the browser console:
update 2
It looks like the fetch call to '...api/auth/two-factor/totp/setup' is returning an internal server error, which then sends back the JSON error when the response.json() function is called.
update 3
Default config is outdated. The newer config file makes sure to specify the length of the encryption key:
update 4
So even changing the key to a 32 byte key using the algo mentioned above, the error still persists:
update 5
Doing some local testing with the touched code, it looks like the base64 encoding of the string generated through openssl rand -base64 32 command, is failing when converting into a buffer which sets the encoding to latin1, resulting in a 44 length string, not 32. This is what causes the error.
update 6
Temporary solution would be to just create a 32 character long alphanumeric string without the openssl function, and updating the docs/comments to reflect the importance of this, seeing as the Buffer.from function expects the string to be binary/latin1 encoded
From SyncLinear.com | CAL-3060
The text was updated successfully, but these errors were encountered: